fix(examples): bump vite to ^7.3.3 to fix security vulnerabilities

[chrisgervang]

Background

Vite versions < 7.3.3 have two high-severity CVEs:

• GHSA-4w7w-66w2-5vf9 (Path Traversal in Optimized Deps .map Handling)
• GHSA-p9ff-h696-f583 (Arbitrary File Read via Dev Server WebSocket)

All 62 examples specified "vite": "^7.3.1" which allows installation of vulnerable versions.

Change List

• Bump vite minimum version from ^7.3.1 to ^7.3.3 across all 62 example package.json files

---

Note

Low Risk
Low risk: this is a devDependency-only patch bump across example apps, with no runtime/library code changes; main risk is potential example build/dev-server behavior changes from the newer Vite patch.

Overview
Updates all example projects to require vite ^7.3.3 (from ^7.3.1) in devDependencies, ensuring installs pick up the patched Vite release that addresses known security issues in older versions.

^{Reviewed by Cursor Bugbot for commit c5dcffa. Bugbot is set up for automated code reviews on this repo. Configure here.}

[coveralls]

coverage: 83.37% (+0.004%) from 83.366% — chr/fix-npm-security-basemap-browser into master

[ibgreen]

Nice. (We could just go all the way to 8.)

[chrisgervang]

Good point - I'm mainly trying to unblock your ability to run basemap-browser for testing #10228. I can look at 8 in a follow up in case there are breaking changes